什么是SALT,我该如何使用? [英] What is SALT and how do i use it?
问题描述
我一直在搜索,但是我仍然不确定盐"是什么以及如何使用/实现它.抱歉,这个问题很笨拙,我是在自学php.
I have been searching around and I am still unsure of what a "salt" is and how to use/implement it. Sorry for the noobish question, I am self learning php.
推荐答案
我绝对不是专家,但真正简短的答案是对文本行涂盐"意味着在其末尾添加一些额外的字符.您可以将"salt"和"abcdefg"加盐以获得"saltabcdefg".如果盐"恰好是您想要使其更难猜测的密码,则这可能很有用.
I am definitely not an expert, but the really short answer is that "salting" a line of text means to stick a few extra characters on the end of it. You could salt "salt" with "abcdefg" to get "saltabcdefg". This might be useful if "salt" happens to be a password that you'd like to make more difficult to guess.
通常,密码+盐会通过一些难以逆转的过程转换(散列")为完全不同的字符串.然后,将这个转换后的字符串与salt的纯文本一起存储为密码,然后丢弃正确的密码的原始纯文本.当您想检查某人是否输入了正确的密码时,可以将他们键入的内容与密码文件中列出的salt结合起来,然后对结果进行哈希处理.如果结果与您记录的密码哈希匹配,那么您知道它们已经输入了正确的密码.
Typically, the password+salt are transformed ('hashed') by some difficult-to-reverse process into a completely different string. This transformed string is then stored as the password, together with the plaintext of the salt, and the original plain text of the password proper is tossed away. When you want to check that someone has input the correct password, you combine whatever they've typed in with the salt that's listed in the password file and then hash the result. If the result matches the password hash you have on record, then you know that they've put in the right password.
加盐可以很容易,只需捡起一根绳子作为盐,然后确保您对其进行跟踪即可.但是,您可以根据每个密码来更改盐,然后,您必须拥有一种跟踪密码+盐组合以及生成变体的方法.当然,您可能还希望对密码进行哈希处理,而不是保存密码的纯文本,因此,您必须选择一个哈希函数.在这一点上,问题已经从适当的解决发展到实施密码安全方案.
Implementing a salt can be as easy as picking a string to serve as the salt and then making sure you keep track of it. But, you could vary the salt with each password, and then you'll have to have a way of keeping track of password+salt combinations as well as generating the variations. Of course, you'll probably also want to hash the password rather than saving the password's plain text, and so you'll have to pick a hash function. At this point, the problem has proceeded from salting proper to implementing a password security scheme.
对于PHP,您可能想看看某些框架是如何实现这一点的.两个快速链接,分别用于CakePHP和Zend:
For PHP, you might want to look at how some of the frameworks have implemented this. Two quick links, for CakePHP and Zend, respectively:
http://www.jotlab.com /2010/04/18/cakephp-rainbow-table-protection-behaviour/
http://www .zimuel.it/blog/2009/07/build-a-secure-login-with-zend-framework/
这篇关于什么是SALT,我该如何使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
